Re: Review Request 49286: AmbariServer looks for ldap_url, container_dn in blueprint even for MIT security type
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49286/#review139905
---
Ship it!
Ship It!
- Alejandro Fernandez
On June 27, 2016, 11:13 p.m., Robert Levas wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49286/
> ---
>
> (Updated June 27, 2016, 11:13 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Denys Buzhor, Jonathan
> Hurley, and Yusaku Sako.
>
>
> Bugs: AMBARI-17320
> https://issues.apache.org/jira/browse/AMBARI-17320
>
>
> Repository: ambari
>
>
> Description
> ---
>
> `ldap_url` and `container_dn` are expected for MIT security type. They
> should only be required for AD integration.
>
> # Example BP
> ```
> {
> "configurations": [
> {
> "cluster-env": {
> "properties": {
> "command_retry_max_time_in_sec": "1200"
> }
> }
> },
> {
> "kerberos-env": {
> "properties": {
> "realm": "EXAMPLE.COM",
> "kdc_type": "mit-kdc",
> "kdc_hosts": "kdc.example.com",
> "admin_server_host": "kdc.example.com",
> "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
> "service_check_principal_name": "cl1-QutreRP8p3"
> }
> }
> },
> {
> "krb5-conf": {
> "properties": {
> "domains": "",
> "manage_krb5_conf": "true"
> }
> }
> }
> ],
> "host_groups": [
> {
> "name": "host1",
> "cardinality": "1",
> "components": [
> {
> "name": "DATANODE"
> },
> {
> "name": "NFS_GATEWAY"
> },
> {
> "name": "HDFS_CLIENT"
> },
> {
> "name": "NODEMANAGER"
> },
> {
> "name": "YARN_CLIENT"
> },
> {
> "name": "MAPREDUCE2_CLIENT"
> },
> {
> "name": "HBASE_REGIONSERVER"
> },
> {
> "name": "HBASE_CLIENT"
> },
> {
> "name": "PHOENIX_QUERY_SERVER"
> },
> {
> "name": "HIVE_CLIENT"
> },
> {
> "name": "HCAT"
> },
> {
> "name": "OOZIE_CLIENT"
> },
> {
> "name": "ZOOKEEPER_CLIENT"
> },
> {
> "name": "SUPERVISOR"
> },
> {
> "name": "FALCON_CLIENT"
> },
> {
> "name": "FLUME_HANDLER"
> },
> {
> "name": "METRICS_MONITOR"
> },
> {
> "name": "RANGER_TAGSYNC"
> },
> {
> "name": "TEZ_CLIENT"
> },
> {
> "name": "PIG"
> },
> {
> "name": "SQOOP"
> },
> {
> "name": "SLIDER"
> },
> {
> "name": "KERBEROS_CLIENT"
> },
> {
> "name": "MAHOUT"
> },
> {
> "name": "HST_AGENT"
> },
> {
> "name": "LOGSEARCH_LOGFEEDER"
> },
> {
> "name": "LOGSEARCH_SOLR_CLIENT"
> }
> ]
> }
> ],
> "Blueprints": {
> "blueprint_name": "bp1",
> "stack_name": "HDP",
> "stack_version": "2.5"
> }
> }
> ```
>
> ```
> curl -H "X-Requested-By:ambari" -u admin:admin -i -X POST -d @./bp1.json
> http://localhost:8080/api/v1/blueprints/bp1
> HTTP/1.1 100 Continue
>
> HTTP/1.1 400 Bad Request
> Date: Mon, 20 Jun 2016 19:02:27 GMT
> X-Frame-Options: DENY
> X-XSS-Protection: 1; mode=block
> Set-Cookie: AMBARISESSIONID=1a4dqzhedwoog4xg8jbu36e2q;Path=/;HttpOnly
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> User: admin
> Content-Type: text/plain
> Content-Length: 227
> Server: Jetty(9.2.11.v20150529)
>
> {
> "status" : 400,
> "message" : "Blueprint configuration validation failed: Missing required
> properties. Specify a value for these properties in the blueprint
> configuration. {host1={kerberos-env=[ldap_url, container_dn]}}"
> }
> ```
>
> # Solution
> Remove the `require-input` flag from the offending properties. This UI
> appears to handle making the fields required if necessary. Eventually a
> conditionally-required-input type should be created to handle this
> dynamically.
>
>
> Diffs
> -
>
>
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
> 98d2ada
>
> Diff: https://reviews.apa
Re: Review Request 49286: AmbariServer looks for ldap_url, container_dn in blueprint even for MIT security type
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49286/#review139779
---
Ship it!
Ship It!
- Jonathan Hurley
On June 27, 2016, 7:13 p.m., Robert Levas wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49286/
> ---
>
> (Updated June 27, 2016, 7:13 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Denys Buzhor, Jonathan
> Hurley, and Yusaku Sako.
>
>
> Bugs: AMBARI-17320
> https://issues.apache.org/jira/browse/AMBARI-17320
>
>
> Repository: ambari
>
>
> Description
> ---
>
> `ldap_url` and `container_dn` are expected for MIT security type. They
> should only be required for AD integration.
>
> # Example BP
> ```
> {
> "configurations": [
> {
> "cluster-env": {
> "properties": {
> "command_retry_max_time_in_sec": "1200"
> }
> }
> },
> {
> "kerberos-env": {
> "properties": {
> "realm": "EXAMPLE.COM",
> "kdc_type": "mit-kdc",
> "kdc_hosts": "kdc.example.com",
> "admin_server_host": "kdc.example.com",
> "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
> "service_check_principal_name": "cl1-QutreRP8p3"
> }
> }
> },
> {
> "krb5-conf": {
> "properties": {
> "domains": "",
> "manage_krb5_conf": "true"
> }
> }
> }
> ],
> "host_groups": [
> {
> "name": "host1",
> "cardinality": "1",
> "components": [
> {
> "name": "DATANODE"
> },
> {
> "name": "NFS_GATEWAY"
> },
> {
> "name": "HDFS_CLIENT"
> },
> {
> "name": "NODEMANAGER"
> },
> {
> "name": "YARN_CLIENT"
> },
> {
> "name": "MAPREDUCE2_CLIENT"
> },
> {
> "name": "HBASE_REGIONSERVER"
> },
> {
> "name": "HBASE_CLIENT"
> },
> {
> "name": "PHOENIX_QUERY_SERVER"
> },
> {
> "name": "HIVE_CLIENT"
> },
> {
> "name": "HCAT"
> },
> {
> "name": "OOZIE_CLIENT"
> },
> {
> "name": "ZOOKEEPER_CLIENT"
> },
> {
> "name": "SUPERVISOR"
> },
> {
> "name": "FALCON_CLIENT"
> },
> {
> "name": "FLUME_HANDLER"
> },
> {
> "name": "METRICS_MONITOR"
> },
> {
> "name": "RANGER_TAGSYNC"
> },
> {
> "name": "TEZ_CLIENT"
> },
> {
> "name": "PIG"
> },
> {
> "name": "SQOOP"
> },
> {
> "name": "SLIDER"
> },
> {
> "name": "KERBEROS_CLIENT"
> },
> {
> "name": "MAHOUT"
> },
> {
> "name": "HST_AGENT"
> },
> {
> "name": "LOGSEARCH_LOGFEEDER"
> },
> {
> "name": "LOGSEARCH_SOLR_CLIENT"
> }
> ]
> }
> ],
> "Blueprints": {
> "blueprint_name": "bp1",
> "stack_name": "HDP",
> "stack_version": "2.5"
> }
> }
> ```
>
> ```
> curl -H "X-Requested-By:ambari" -u admin:admin -i -X POST -d @./bp1.json
> http://localhost:8080/api/v1/blueprints/bp1
> HTTP/1.1 100 Continue
>
> HTTP/1.1 400 Bad Request
> Date: Mon, 20 Jun 2016 19:02:27 GMT
> X-Frame-Options: DENY
> X-XSS-Protection: 1; mode=block
> Set-Cookie: AMBARISESSIONID=1a4dqzhedwoog4xg8jbu36e2q;Path=/;HttpOnly
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> User: admin
> Content-Type: text/plain
> Content-Length: 227
> Server: Jetty(9.2.11.v20150529)
>
> {
> "status" : 400,
> "message" : "Blueprint configuration validation failed: Missing required
> properties. Specify a value for these properties in the blueprint
> configuration. {host1={kerberos-env=[ldap_url, container_dn]}}"
> }
> ```
>
> # Solution
> Remove the `require-input` flag from the offending properties. This UI
> appears to handle making the fields required if necessary. Eventually a
> conditionally-required-input type should be created to handle this
> dynamically.
>
>
> Diffs
> -
>
>
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
> 98d2ada
>
> Diff: https://reviews.apache.or
Review Request 49286: AmbariServer looks for ldap_url, container_dn in blueprint even for MIT security type
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49286/
---
Review request for Ambari, Alejandro Fernandez, Denys Buzhor, Jonathan Hurley,
and Yusaku Sako.
Bugs: AMBARI-17320
https://issues.apache.org/jira/browse/AMBARI-17320
Repository: ambari
Description
---
`ldap_url` and `container_dn` are expected for MIT security type. They should
only be required for AD integration.
# Example BP
```
{
"configurations": [
{
"cluster-env": {
"properties": {
"command_retry_max_time_in_sec": "1200"
}
}
},
{
"kerberos-env": {
"properties": {
"realm": "EXAMPLE.COM",
"kdc_type": "mit-kdc",
"kdc_hosts": "kdc.example.com",
"admin_server_host": "kdc.example.com",
"encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
"service_check_principal_name": "cl1-QutreRP8p3"
}
}
},
{
"krb5-conf": {
"properties": {
"domains": "",
"manage_krb5_conf": "true"
}
}
}
],
"host_groups": [
{
"name": "host1",
"cardinality": "1",
"components": [
{
"name": "DATANODE"
},
{
"name": "NFS_GATEWAY"
},
{
"name": "HDFS_CLIENT"
},
{
"name": "NODEMANAGER"
},
{
"name": "YARN_CLIENT"
},
{
"name": "MAPREDUCE2_CLIENT"
},
{
"name": "HBASE_REGIONSERVER"
},
{
"name": "HBASE_CLIENT"
},
{
"name": "PHOENIX_QUERY_SERVER"
},
{
"name": "HIVE_CLIENT"
},
{
"name": "HCAT"
},
{
"name": "OOZIE_CLIENT"
},
{
"name": "ZOOKEEPER_CLIENT"
},
{
"name": "SUPERVISOR"
},
{
"name": "FALCON_CLIENT"
},
{
"name": "FLUME_HANDLER"
},
{
"name": "METRICS_MONITOR"
},
{
"name": "RANGER_TAGSYNC"
},
{
"name": "TEZ_CLIENT"
},
{
"name": "PIG"
},
{
"name": "SQOOP"
},
{
"name": "SLIDER"
},
{
"name": "KERBEROS_CLIENT"
},
{
"name": "MAHOUT"
},
{
"name": "HST_AGENT"
},
{
"name": "LOGSEARCH_LOGFEEDER"
},
{
"name": "LOGSEARCH_SOLR_CLIENT"
}
]
}
],
"Blueprints": {
"blueprint_name": "bp1",
"stack_name": "HDP",
"stack_version": "2.5"
}
}
```
```
curl -H "X-Requested-By:ambari" -u admin:admin -i -X POST -d @./bp1.json
http://localhost:8080/api/v1/blueprints/bp1
HTTP/1.1 100 Continue
HTTP/1.1 400 Bad Request
Date: Mon, 20 Jun 2016 19:02:27 GMT
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Set-Cookie: AMBARISESSIONID=1a4dqzhedwoog4xg8jbu36e2q;Path=/;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
User: admin
Content-Type: text/plain
Content-Length: 227
Server: Jetty(9.2.11.v20150529)
{
"status" : 400,
"message" : "Blueprint configuration validation failed: Missing required
properties. Specify a value for these properties in the blueprint
configuration. {host1={kerberos-env=[ldap_url, container_dn]}}"
}
```
# Solution
Remove the `require-input` flag from the offending properties. This UI appears
to handle making the fields required if necessary. Eventually a
conditionally-required-input type should be created to handle this dynamically.
Diffs
-
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
98d2ada
Diff: https://reviews.apache.org/r/49286/diff/
Testing
---
Manually tested.
Thanks,
Robert Levas
